Graylog and AWS quick start

Today let’s examine Graylog – an open source log management tool. I am going to run an AWS EC2 instance based on a publicly available AMI. The current list of images is available here. It’s recommended to have at least 4GB of memory for this appliance, so I have chosen a t2.medium sized instance. It’s important to set correct security rules. I have created a special rule set for this test Graylog server, allowing access only from my IP. In a production…

An alternative to Snare Agent – NXLOG

Many companies running a SIEM use the Snare agent, especially Snare for Windows. The need to collect Windows Event Log data (as well as other Windows log files) and forward it in syslog format is nothing new to the industry. It is even surprising that it has not yet been addressed by Microsoft. Without doubt, Snare is a leading vendor in this field. The Snare agent Enterprise version provides a lot of useful features, for example Agent…

ELK stack with Amazon Web Services

ELK – the Elasticsearch + Logstash + Kibana triad – is a leading open source log management solution. In the previous post we installed Logstash; today let’s focus on Elasticsearch (and Kibana). With AWS, ELK deployment is quite simple, as the Elasticsearch cluster and Kibana are provided by Amazon as a service. Let’s see how it works. In the AWS console select Analytics -> Elasticsearch Service. Click “Create new domain” and provide a name for your domain. An instance of “micro” type is available…

Setting up Logstash with Amazon EC2 and Route 53

Introduction. Logstash is software used to perform centralized log collection, normalization and enrichment. Used in conjunction with Elasticsearch and Kibana it becomes a powerful log management tool, also known as the ELK stack. As a good start, we are going to deploy Logstash 1.5 on Ubuntu 14.04 at EC2, create DNS entries with Route 53 and generate SSL certificates for Logstash. Initial setup – install Java and Logstash. In order to run Logstash we need Java. It is recommended to use…

OSSIM & Azure – initial configuration

In the previous part of this tutorial we deployed the OSSIM instance. Now it’s time for initial configuration. As a good start, let’s configure the IP address. The VM should have a static private address. It can be configured via the Azure Portal. Go to Virtual machines (classic) and select the OSSIM VM. Then show all settings and select IP address on the “General” tab. Use your ssh client to connect to the VM: ssh -l adminuser your_dnsname.cloudapp.net. Change to the root user: sudo su - From the menu select 3 – Jailbreak…

Deploying OSSIM to MS Azure Cloud

In the previous part of this tutorial I created a VHD with AlienVault OSSIM. The next step is deployment to the Cloud. I am going to use the Azure Classic model because it allows you to create your own VM images quite easily. The first step is to create a storage account. Go to manage.windowsazure.com and click the “+ New” button at the bottom of the page. I am going to upload the file via Azure CLI [Download] and Azure PowerShell [Download], however…

Creating OSSIM image for MS Azure

Running a SIEM in the Cloud. AlienVault OSSIM is open source SIEM software. It is a great security addition to any low-budget environment. I am going to run OSSIM inside my virtual lab. Unfortunately it is not available on the Azure Marketplace (and AWS offers only the paid version of the AlienVault SIEM: USM). However, it is possible to create your own VM image and upload it to the Cloud. Creating the OSSIM image for MS Azure. Download the OSSIM iso and VirtualBox. Install VirtualBox. Start…

Your own VPN Access Server in 10 easy steps

VPN for everyone. There are multiple reasons to use a VPN. You can simply buy a subscription from one of many service providers or… run your own VPN server. Nowadays it is simpler than ever, without even struggling with Linux commands. In addition, with the Amazon Web Services (AWS) Free Tier you can have it for one year for free. 1. Go to the AWS console, EC2. Select the region which is geographically close to you. I’ve chosen “Frankfurt”. 2. Click the “Launch Instance” button. 3….

Tip: Set proxy on Windows Server 2012 via registry file

One simple registry file to set the proxy on Windows Server 2012. Just save it as a .reg file and double-click it to add the settings to the registry.

Java Timestamp vs Unix Timestamp

A Unix timestamp is the number of seconds that have elapsed since midnight of January 1st 1970. To display the Unix timestamp in a shell, type: date +%s. Sample output is a ten-digit number: 1385726996. A Java timestamp is the number of milliseconds that have elapsed since midnight of January 1st 1970 (a thirteen-digit number).

To display the Unix timestamp in Java you can divide the Java timestamp value by 1000:

See also: Wikipedia – Year 2038 problem